Windows Server 2000/2003 Thread, Exchange server 2003 sending out emails in Technical
  1. #1

    Exchange server 2003 sending out emails

    Hi guys,

    Since coming back from holiday I have noticed something sending out mail via our Exchange 2003 SMTP server.

    It's managed to send out like 15k emails on a random day!

    It's confusing me where it's coming from. I don't think it's an internal machine, as it's been sending out on the weekend and we only have 1 machine on all the time (apart from the servers).

    It's not using an internal account but using its own outside address (it's pretending to be banks etc.).

    Outside relay is disabled, so it's not that.

    Can someone relay if they manage to obtain an admin password etc.?

    Many thanks
    Luke

  2. #2
    bart21

    Hi

    Have a look at this: Preventing Exchange 2000/2003 from Relaying

    Think it might help you. You are best to sort this ASAP, otherwise other domains (such as Yahoo) will blacklist your domain, meaning you cannot send email to them!

    nick

  3. #3

    Thanks.

    Had a look at that already. We have GFI MailEssentials which blocks spam, but unsure how this is happening tbh, as I have checked all servers and any desktops that have been on and they all seem OK!

    I'm thinking maybe someone is authenticating with a username and password somehow to send the spam.

  4. #4
    bart21

    Is the anonymous access (as mentioned in the website link) switched off?

    If yes, it sounds like they are authenticating.

    Maybe @sukh can help??

    nick

  5. #5

    Interesting ...

    'Is the anonymous access (as mentioned in the website link) switched off?'

    If I untick this, won't it stop all incoming mail because they can't connect to the SMTP to send mail?

  6. #6
    bart21

    What's a "Relay"?

    First let's see what "relaying" is:

    1. A user in your domain wants to send e-mail to another user in your domain - This is NOT relaying.
    2. An outside user (from the Internet) wants to send e-mail to another user in your domain - This is NOT relaying.
    3. A user in your domain wants to send e-mail to an outside user (on the Internet) - This IS relaying.
    4. An outside user (from the Internet) wants to send e-mail to an outside user (on the Internet) - This IS relaying.

    It shouldn't stop all incoming mail (see point 2 above). Personally I would disable it (as per the website link above) and try sending an email from my Gmail account and see if it gets through.

    If you read the article, you can also put relay restrictions if needed.

    nick
    Last edited by bart21; 22nd August 2011 at 12:35 PM. Reason: cant spell!! :)

  7. #7

    I'm pretty sure if I enable that it's going to disable all incoming mail, as it's not to do with the relay but more to do with the SMTP server and allowing users to send incoming mail without authenticating, if I read that correctly.

    I enabled logging the other day on messages and can see that a lot of the mail is coming from an outside source IP.

    I have also just enabled SMTP logging, so hopefully when they send out their next lot of messages I should see what user is authenticating. Also enabled account logon audit in GP to see auth requests.

    Under relays, allow all PC authentication was enabled. I unchecked this and added all internal ranges only.
    Last edited by 2097; 22nd August 2011 at 01:47 PM.

  8. #8

    1. By default Exch 2003 won't allow relaying unless a config has been changed.
    2. GFI will prevent spam but that doesn't mean it will prevent relaying, only spam coming into your Org.
    3. It could be spyware/virus internally on your network.
    4. Have you got AV deployed on all your desktops and servers and are they up to date?
    5. Can you verify point 4? Do you have centralised reporting for your AV to show update status?
    6. When messages are sent, are they sent internally to users or externally?
    7. Can you post a message header of one?
    8. Check Exch 2003 MT and SMTP logs (if not turned on, turn on now).
    9. KB posted by Bart is good, follow that.
    10. If you're concerned then describe your mail setup: Exch? Gateways? Firewalls? How messages flow internally and externally.

    Thanks
    Sukh

  9. #9

    Thanks for the post.

    After enabling SMTP logs I've noticed this is an external client.

    They are relaying, and are using it to spam outside accounts.

    I've enabled some more logging to see what account they are using to authenticate.

    It is currently enabled that all authenticated users can Relay and Submit. I have modified what computers can use relay. I think I might just enable it so only Admins can use the relay service, so this will still allow my applications to send out some emails.
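
The SMTP log check described in posts #7 and #9, as an added example that is not part of the original thread: it reads a W3C extended SMTP log and counts accepted RCPT commands to non-local domains per client IP outside the internal ranges. The field selection, IP ranges, local domain, threshold and log lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values, not from the thread: internal ranges and the local mail domain.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
LOCAL_DOMAINS = {"school.example"}

# Constructed sample in W3C extended log format (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2011-08-20 02:14:02 203.0.113.45 MAIL +FROM:<alerts@bank.example> 250
2011-08-20 02:14:02 203.0.113.45 RCPT +TO:<user1@webmail.example> 250
2011-08-20 02:14:03 203.0.113.45 RCPT +TO:<user2@webmail.example> 250
2011-08-20 02:14:03 203.0.113.45 RCPT +TO:<user3@isp.example> 250
2011-08-20 09:30:10 198.51.100.7 MAIL +FROM:<parent@isp.example> 250
2011-08-20 09:30:11 198.51.100.7 RCPT +TO:<office@school.example> 250
2011-08-20 09:31:00 192.168.1.20 RCPT +TO:<supplier@isp.example> 250
2011-08-20 09:32:00 203.0.113.99 RCPT +TO:<x@webmail.example> 550
"""

def is_internal(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable client address is treated as not internal
    return any(addr in net for net in INTERNAL_NETS)

def rcpt_domain(query):
    # "+TO:<user@domain>" -> "domain"; None when no address is present
    addr = query.partition("<")[2].partition(">")[0]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def find_external_relays(log_text, threshold=3):
    """Return {client_ip: accepted outside-to-outside RCPT count} at or above threshold."""
    fields, accepted = [], defaultdict(int)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # honour whatever fields the admin selected
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        domain = rcpt_domain(row.get("cs-uri-query", ""))
        if row.get("cs-method", "").upper() != "RCPT" or domain is None:
            continue
        if not row.get("sc-status", "").startswith("2") or domain in LOCAL_DOMAINS:
            continue  # rejected recipient, or normal inbound mail for our domain
        ip = row.get("c-ip", "")
        if ip and not is_internal(ip):
            accepted[ip] += 1
    return {ip: n for ip, n in accepted.items() if n >= threshold}
```

This identifies the relaying client address only; it does not show which account authenticated.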

  10. #10


  11. #11

    Found out the authenticating user... test1 was the account name... I think I could guess the password lol!

    Disabled the account for now. Think it was set up prior to my arrival.

    Thanks everyone for the help.

    Managed to catch it out using MSExchange transport logging. No other logs will log it.

  12. #12

    Glad it's resolved. I would have expected some logging in MT and SMTP.
